Security - good coders code, great reuse

Here is something for all you hackers out there reading my blog: all the videos from the previous year’s biggest and greatest hacker conference — DefCon 15!

I found these videos via this post on Roy/SAC’s blog. He bought a full set of DVDs for several hundred dollars and uploaded them to Google Video! I sincerely appreciate his effort!

Total of more than 200 videos!

For your convenience, here is the full DefCon 15 session listing:
Download Full DefCon 15 Session Listing (.pdf).

You’re welcome to comment here on lectures you found intriguing and liked the most!

T101: Making of the DEFCON 15 Badges by Joe Grand
T102: Q&A with Bruce by Bruce Schneier
T103: Turn-Key Pen Test Labs by Thomas Wilhelm
T104: How I Learned to Stop Fuzzing and Find More Bugs by Jacob west
T105: Convert Debugging - Circumventing Software Armoring Techniques by Danny Quist & Valsmith
T106: Functional Fuzzing with Funk by Benjamin Kurtz
T107: Tactical Exploitation by H.D.Moore & Valsmith
T108: Intelligent Debugging for vuln-dev by Damien Gomez
T109: Fingerprinting and Cracking Java Obfuscated Code by Subere
T110: Comparing Application Security Tools by Edward Lee
T111: Meet the Feds (Panel Discussion)
T112: No-Tech Hacking by Johnny Long
T131: The SOA/XML Threat Model and New XML/SOA/Web 2.0 Attacks & Threats by Steve Orrin
T133: Pen-testing Wi-Fi by Aaron Peterson
T134: Hacking EVDO by King Tuna
T135: Multipot - A More Potent Variant of Evil Twin by K.N.Gopinath
T136: The Next Wireless Frontier - TV White Spaces by Doug Mohney
T137: Creating Unreliable Systems - Attacking the Systems that Attack You by Sysmin & Marklar
T138: GeoLocation of Wireless Access Points and “Wireless GeoCaching” by Ricky Hill
T139: Being in the Know… Listening to and Understanding Modern Radio Systems by Brett Neilson
T140: The Emperor Has No Cloak - Web Cloaking Exposed by Vivek Ramachandran
T141: Hardware Hacking for Software Geeks by nosequitor & Ab3nd
T142: The Church of WiFi Presents: Hacking Iraq by Michael Schearer
T161: HoneyJax (aka Web Security Monitoring and Intelligence 2.0) by Dan Hubbard
T162: Hacking Social Lives: MySpace.com by Rick Deacon
T163: The Inherent Insecurity of Widgets and Gadgets by Aviv Raff & Iftach Ian Amit
T164: Greater Than 1 - Defeating “Strong” Authentication in Web Applications (for Online Banking) by Brendan O’Connor.
T165: Intranet Invasion With Anti-DNS Pinning by David Byrne
T166: Biting the Hand that Feeds You - Storing and Serving Malicious Content From Well Known Web Servers by Billy Rios & Nathan McFeters
T201: Church Of WiFi’s Wireless Extravaganza by Church of WiFi’s
T202: SQL Injection and Out-of-Band Channeling by Patrik Karlsson
T203: Z-Phone by Phillip Zimmermann
T204: OpenBSD Remote Exploit and Another IPv6 Vulnerabilities by Alfredo Ortega
T205: MQ Jumping by Martyn Ruks
T206: Virtual World, Real Hacking by Greg Hoglund
T207: It’s All About the Timing by Haroon Meer & Marco Slaviero
T208: Revolutionizing the Field of Grey-box Attack Surface Testing with Evolutionary Fuzzing by Jared DeMott, Dr. Richard Enbody & Dr. Bill Punch
T209: How Smart is Intelligent Fuzzing - or - How Stupid is Dumb Fuzzing? by Charlie Miller
T210: INTERSTATE: A Stateful Protocol Fuzzer for SIP by Ian G. Harris
T211: One Token to Rule Them All by Luke Jennings
T212: Trojans - A Reality Check by Toralv Dirro & Dirk Kollberg
T231: Multiplatform Malware Within the .NET-Framework by Paul Ziegler
T232: Malware Secrets by Valsmith & Delchi
T233: 44 Lines About 22 Things That Keep Me Up at Night by Agent X
T234: Click Fraud Detection with Practical Memetrics by Broward Horne
T235: Fighting Malware on your Own by Vitaliy Kamlyuk
T236: Virtualization: Enough Holes to Work Vegas by D.J.Capelis
T237: Homeless Vikings, (Short-Lived bgp Prefix Hijacking and the Spamwars) by Dave Josephsen
T238: Webserver Botnets by Gadi Evron
T239: The Commercial Malware Industry by Peter Gutmann
T240: CaffeineMonkey - Automated Collection, Detection and Analysis of Malicious JavaScript by Daniel Peck & Ben Feinstein
T241: Greetz from Room 101 by Kenneth Geers
T242: Estonia and Information Warfare by Gadi Evron
T261: The Completion Backward Principle by geoffrey
T262: Boomstick Fu: The Fundamentals of Physical Security at its Most Basic Level by Deviant Ollam, Noid, Thorn, Jur1st
T263: Locksport: An Emerging Subculture by Schuyler Towne
T264: Satellite Imagery Analysis by Greg Conti
T265: High Insecurity: Locks, Lies, and Liability by Marc Weber Tobias & Matt Fiddler
T301: Analysing Intrusions & Intruders by Sean Bodmer
T302: Aliens Cloned My Sheep by Major Malfunction
T303: Breaking Forensics Software by Chris Palmer & Alex Stamos
T304: Re-Animating Drives and Advanced Data Recovery by Scott Moulton
T305: Cool Stuff Learned from Competing in the DC3 Digital Forensic Challenge by David C. Smith
T306: Windows Vista Log Forensics by Rich Murphey
T307: When Tapes Go Missing by Robert Stoudt
T308: CiscoGate by The Dark Tangent
T309: Hacking UFOlogy - Thirty Years in the Wilderness of Mirrors by Richard Thieme
T311: Hack Your Car for Boost and Power! by Aaron Higbee
T312: The Executable Image Exploit by Michael Schrenk
T331: A Crazy Toaster: Can Home Devices Turn Against Us? by Dror Shalev
T332: IPv6 is Bad for Your Privacy by Janne Lindqvist
T333: Injecting RDS-TMC Traffic Information Signals a.k.a. How to freak out your Satellite Navigation by Andrea Barisani
T335: Unraveling SCADA Protocols: Using Sulley Fuzzer by Ganesh Devarajan
T336: Hacking the Extensible Firmware Interface by John Heasman
T337: Hacking your Access Control Reader by Zac Franken
T338: Security by Politics - Why it Will Never Work by Lukas Grunwald
T339: Kernel Wars by Joel Eriksson, Karl Janmar, Claes Nyberg, Christer Öberg
T340: (un)Smashing the Stack: Overflows, Counter-Measures, and the Real World by Shawn Moyer
T341: Remedial Heap Overflows: dlmalloc styl by atlas
T342: Thinking Outside the Console (box) by Squidly1
T361: Hacking the EULA44 - Reverse Benchmarking Web Application Security Scanners by Tom Stracener & Marce Luck
T362: Network Mathematics - Why is it a Small World? by Oskar Sandberg
T363: Beyond Vulnerability Scanning - Extrusion and Exploitability Scanning by Matt Richard
T364: LAN Protocol Attacks Part 1 - Arp Reloaded by Jesse D’Aguanno
T365: Entropy-Based Data Organization Tricks for Log and Packet Capture Browsing by Sergey Bratus
T366: Securing Linux Applications With AppArmor by Crispin Cowan
T401: Disclosure and Intellectual Property Law - Case Studies by Jennifer Granick
T402: Computer and Internet Security Law - A Year in Review 2006-2007 by Robert Clark
T403: Picking up the Zero Day; An Everyones Guide to Unexpected Disclosures by Dead Addict
T404: Everything you ever wanted to know about Police Procedure in 50 minutes by Steve Dunker
T405: Bridging the Gap Between Technology and the Law by John Benson
T406: Protecting Your IT Infrastructure From Legal Attacks - Subpoenas, Warrants and Transitive Trust by Alexander Muentz
T407: Digital Rights Worldwide: Or How to Build a Global Hacker Conspiracy by Danny O’Brien
T408: A Journalist’s Perspective on Security Research by Peter Berghammer
T409: Teaching Hacking at College by Sam Bowne
T410: Faster PwninG Assured: New adventures with FPGAs by David Hulton
T411: Ask the EFF (Panel Discussion)
T431: The Market for Malware by Thomas Holt
T433: Routing in the Dark - Pitch Black by Nathan Evans & Christian Grothoff
T434: Technical Changes Since You Last Heard About Tor by Nick Mathewson
T435: Social Attacks on Anonymity Networks by Nick Mathewson
T436: Tor and Blocking - Resistance by Roger Dingledine
T438: Saving the Internet With Hate by Zed Shaw
T439: Securing the Tor Network by Mike Perry
T441: Portable Privacy by Steve Topletz
T442: Real-time Steganography with RTP by |)ruid
T501: Vulnerabilities and The Information Assurance Directorat by Tony Sager
T502: Meet The VCs (Panel Discussion)
T503: Anti Spyware Coalition (Panel Discussion)
T504: Disclosure Panel (Panel Discussion)
T505: Dirty Secrets of the Security Industry by Bruce Potter
T506: Self Publishing in the Underground by Myles Long, Rob “Flack” O’Hara and Christian “RaD Man” Wirth
T507: The Hacker Society Around the (Corporate) World by Luiz Eduardo
T508: Creating and Managing Your Security Career by Mike Murray & Lee Kushner
T509: kNAC! by Ofir Arkin
T531: Hack Your Brain with Video Games by Ne0nRa1n & Joe Grant
T532: How to be a WiFi Ninja by Pilgrim
T534: The Science of Social Engineering: NLP, Hypnosis and the Science of Persuasion by Mike Murray & Anton Chuvakin
T535: Black Ops 2007: Design Reviewing The Web by Dan Kaminsky
T536: The Edge of Forever - Making Computer History by Jason Scott
T538: Stealing Identity Management Systems by Plet
T539: Internet Wars 2007 (Panel Discussion)

Have fun!

When I was developing the reddit media: intelligent fun online website, I needed to embed reddit’s up/down voting buttons to allow users to cast votes on media links directly from the site.

I remembered that reddit had decided not to display posts with a submission time less than two hours ago.

This left me thinking, if the scores are not displayed for new posts, what’s the point of having vote boxes on a just posted article page? I thought, it wouldn’t make sense if it wasn’t available. Quickly did I find a link on reddit’s new page which seemed to have received a few votes and added a reddit’s button to an empty HTML document.

A reddit voting button/widget can be embedded on a site by putting the following JavaScript code fragment anywhere in the HTML source:


<script>reddit_url='[URL]'</script>
<script>reddit_title='[TITLE]'</script>
<script language="javascript" src="http://reddit.com/button.js?t=2"></script>

where the URL is the URL to the article and TITLE is the title of the article.

VoilÃ ! I now know something nobody else did - how many votes had the post received!